βΌ CVE-2023-31597 βΌ
π Read
via "National Vulnerability Database".
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1132 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32100 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_driver_mac_computein Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32096 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30333 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2481 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0965 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36326 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36328 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discoveredΓ in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.π Read
via "National Vulnerability Database".
π΄ Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict π΄
π Read
via "Dark Reading".
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.π Read
via "Dark Reading".
Dark Reading
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.
π΄ KeePass Vulnerability Imperils Master Passwords π΄
π Read
via "Dark Reading".
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password β and proof-of-concept code is available.π Read
via "Dark Reading".
Dark Reading
KeePass Vulnerability Imperils Master Passwords
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password β and proof-of-concept code is available.
βΌ CVE-2023-2024 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29720 βΌ
π Read
via "National Vulnerability Database".
SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2025 βΌ
π Read
via "National Vulnerability Database".
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31655 βΌ
π Read
via "National Vulnerability Database".
redis-7.0.10 was discovered to contain a segmentation violation.π Read
via "National Vulnerability Database".
π΄ Enterprises Rely on Multicloud Security to Protect Cloud Workloads π΄
π Read
via "Dark Reading".
As enterprises adopt multicloud, the security picture has gotten foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.π Read
via "Dark Reading".
Dark Reading
Enterprises Rely on Multicloud Security to Protect Cloud Workloads
As enterprises adopt multicloud, the security picture has become foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.
βΌ CVE-2022-35798 βΌ
π Read
via "National Vulnerability Database".
Azure Arc Jumpstart Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-30470 βΌ
π Read
via "National Vulnerability Database".
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24832 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23556 βΌ
π Read
via "National Vulnerability Database".
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32680 βΌ
π Read
via "National Vulnerability Database".
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a databaseΓ’β¬βbut affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: AnyoneΓ’β¬βincluding people in sandboxed groupsΓ’β¬βcould edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets.π Read
via "National Vulnerability Database".